The textClipPath member is set in CairoOutputDev::endString() and freed
in CairoOutputDev::endTextObject(). However, if endTextObject() is not
called for whatever reason, the path will just be leaked.

This adds code to the destructor to free this.

This fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32326

Testing done:

$ wget -O testcase 'https://oss-fuzz.com/download?testcase_id=6659952325296128'
[...]
$ cmake .. -G Ninja -DENABLE_DCTDECODER=unmaintained -DENABLE_BOOST=OFF -DENABLE_LIBOPENJPEG=unmaintained && ninja
[...]
$ git describe
poppler-21.06.1-5-gb7c40059
$ valgrind --leak-check=full ./utils/pdftocairo testcase -png foo
[...]
==104075==
==104075== HEAP SUMMARY:
==104075==     in use at exit: 28,292 bytes in 55 blocks
==104075==   total heap usage: 6,114 allocs, 6,059 frees, 1,617,444 bytes allocated
==104075==
==104075== 24 bytes in 1 blocks are definitely lost in loss record 4 of 37
==104075==    at 0x483877F: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==104075==    by 0x48AE748: ??? (in /usr/lib/x86_64-linux-gnu/libcairo.so.2.11600.0)
==104075==    by 0x118995: endString (CairoOutputDev.cc:1474)
==104075==    by 0x118995: CairoOutputDev::endString(GfxState*) (CairoOutputDev.cc:1412)
==104075==    by 0x4B97295: Gfx::doShowText(GooString const*) (Gfx.cc:4010)
==104075==    by 0x4B97CB4: Gfx::opShowSpaceText(Object*, int) (Gfx.cc:3793)
==104075==    by 0x4B8D866: Gfx::go(bool) (Gfx.cc:681)
==104075==    by 0x4B8DCFA: display (Gfx.cc:642)
==104075==    by 0x4B8DCFA: Gfx::display(Object*, bool) (Gfx.cc:622)
==104075==    by 0x4BE1A83: Page::displaySlice(OutputDev*, double, double, int, bool, bool, int, int, int, int, bool, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool) (Page.cc:576)
==104075==    by 0x11317C: renderPage (pdftocairo.cc:669)
==104075==    by 0x11317C: main (pdftocairo.cc:1183)
==104075==
==104075== LEAK SUMMARY:
==104075==    definitely lost: 24 bytes in 1 blocks
==104075==    indirectly lost: 0 bytes in 0 blocks
==104075==      possibly lost: 0 bytes in 0 blocks
==104075==    still reachable: 28,268 bytes in 54 blocks
==104075==         suppressed: 0 bytes in 0 blocks
==104075== Reachable blocks (those to which a pointer was found) are not shown.
==104075== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==104075==
==104075== For lists of detected and suppressed errors, rerun with: -s
==104075== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
$ git checkout cairo-leak-textClipPath && git describe && ninja
Zu Branch 'cairo-leak-textClipPath' gewechselt
poppler-21.06.1-6-g8df6f8d2


$ valgrind --leak-check=full ./utils/pdftocairo testcase -png foo
[...]
==104263==
==104263== HEAP SUMMARY:
==104263==     in use at exit: 28,268 bytes in 54 blocks
==104263==   total heap usage: 6,114 allocs, 6,060 frees, 1,617,444 bytes allocated
==104263==
==104263== LEAK SUMMARY:
==104263==    definitely lost: 0 bytes in 0 blocks
==104263==    indirectly lost: 0 bytes in 0 blocks
==104263==      possibly lost: 0 bytes in 0 blocks
==104263==    still reachable: 28,268 bytes in 54 blocks
==104263==         suppressed: 0 bytes in 0 blocks
==104263== Reachable blocks (those to which a pointer was found) are not shown.
==104263== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==104263==
==104263== For lists of detected and suppressed errors, rerun with: -s
==104263== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)

As you (might) see, before this commit, there is a "definitely lost"
leak of 24 bytes with this test case. After this commit, this leak is
gone.

Signed-off-by: Uli Schlachter <psychon@znc.in>